Total
36294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0544 | 2 Debian, Phpbb | 2 Debian Linux, Phpbb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. | |||||
| CVE-2011-0428 | 1 Ikiwiki | 1 Ikiwiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments. | |||||
| CVE-2010-5340 | 1 Icewarp | 1 Webclient | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0. | |||||
| CVE-2010-5339 | 1 Icewarp | 1 Webclient | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0. | |||||
| CVE-2010-5338 | 1 Icewarp | 1 Webclient | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0. | |||||
| CVE-2010-5337 | 1 Icewarp | 1 Webclient | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0. | |||||
| CVE-2010-5336 | 1 Icewarp | 1 Webclient | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0. | |||||
| CVE-2010-4662 | 1 Pmwiki | 1 Pmwiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PmWiki before 2.2.21 has XSS. | |||||
| CVE-2010-4659 | 1 Status | 1 Statusnet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents. | |||||
| CVE-2010-4264 | 1 Vanillaforums | 1 Vanilla Forums | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side. | |||||
| CVE-2010-4245 | 1 Translatehouse | 1 Pootle | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| pootle 2.0.5 has XSS via 'match_names' parameter | |||||
| CVE-2010-4240 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Tiki Wiki CMS Groupware 5.2 has XSS | |||||
| CVE-2010-3857 | 1 Redhat | 1 Jboss Business Rules Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID parameter. | |||||
| CVE-2010-3674 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TYPO3 before 4.4.1 allows XSS in the frontend search box. | |||||
| CVE-2010-3672 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension. | |||||
| CVE-2010-3669 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
| TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box. | |||||
| CVE-2010-3665 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager. | |||||
| CVE-2010-3660 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. | |||||
| CVE-2010-2472 | 1 Drupal | 1 Drupal | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission. | |||||
| CVE-2010-2250 | 1 Drupal | 1 Drupal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack. | |||||